[conspire] Autodowload a Virus

Ross Bernheim rossbernheim at speakeasy.net
Tue Jan 5 22:33:24 PST 2010

On Jan 5,  02010, at 9:15 PM, Rick Moen wrote:

> Quoting Don Marti (dmarti at zgp.org):
>> There's also a UI design problem.  If a user clicks
>> on a web link, you don't want something like:
>>  Open "http://downloads.rat-bag.com/spyware/pwn.deb"
>>  with "Nifty GUI Package Installer?"
>> Then, if the user clicks "Yes" or "Install" or
>> whatever...
>>  Please enter your password to run "Nifty GUI Package
>>  Installer" as root:
>> The user actions required to install new software
>> are getting too close to the actions required to
>> open a file.  The more different they are, the more
>> warning users get.
> Now, that's a really, really good point.
> Come to think of it, I'm not actually clear on what the user  
> experience
> looks like, in any recent Ubuntu release, when you fetch and then
> double-click on a .deb file in GNOME's file-management thingie
> (Nautilus?).  Maybe an Ubuntista would care to comment.  (Thanks!)

I am only familiar with the Kubuntu variant and have developed the  
habit of
installing Synaptic and using it to look for .debs in the repositories  
that I have
authorized it to use. I like Synaptic's information on the package. I  
will quite
often drop dow to the terminal and use apt-get to do the installation.

If it isn't in a recognized repository, I don't install it. I would  
rather do without
than risk the problems that could occur with a bad .deb.


More information about the conspire mailing list